<?php
/////////// includes
include ("vipconfig.php");
include ("rcon.class.php");
include ("./viptranslations/$lang.php");
///////////

/////////// database connection
mysql_connect($db_host, $db_user, $db_pass) or
die("Could not connect: " . mysql_error());
mysql_select_db($db_base);
///////////

////////// check if steamid is entered
$steamidvalid = false;

if (isset($_POST['steamid'])) {
    $steamid = strtoupper(htmlspecialchars(trim($_POST['steamid']), ENT_QUOTES | ENT_NOQUOTES));
    if (strpos($steamid, 'STEAM_') !== false) {
        $steamidvalid = true; // true, we have it
    }
}
///////////

////////// check if steamid is confirmed
$confirmed = false;
if (isset($_POST['confirmed'])) {
    $confirmedstr = htmlspecialchars(trim($_POST['confirmed']), ENT_QUOTES | ENT_NOQUOTES);
    if ($confirmedstr == "ok") {
        $confirmed = true;
    }
}

$codevalid = false;
$codeid = -1;
$codeactivated = false;
///////////

////////// check if activation code is valid (exists and not activated yet)
if (isset($_POST['code']) && ($code != "")) {
    $code = htmlspecialchars(trim($_POST['code']), ENT_QUOTES | ENT_NOQUOTES);
    $query = "SELECT `id`,`activated`, `code` FROM `$codestable` where `code` = '$code'";
    $result = mysql_query($query);
    if (!is_bool($result)) {
        $row = mysql_fetch_array($result, MYSQL_NUM);
        $codeid = intval($row[0]);
        $codeactivatedint = intval($row[1]);
        if (($codeid > 0) && ($code == $row[2])) {
            $codevalid = true;
            if ($codeactivatedint == 1) {
                $codeactivated = true;
                $codevalid = false;
            }
        }
        mysql_free_result($result);
    }

}
///////////
?>
<style type="text/css">
        /* "Winter Blues" CSS theme for CSS Table Gallery (http://icant.co.uk/csstablegallery/) by Gunta Klavina (http://www.klavina.com) */
    table {
        font: 85% "Lucida Grande", "Lucida Sans Unicode", "Trebuchet MS", sans-serif;
        padding: 0;
        margin: 0;
        border-collapse: collapse;
        color: #333;
        background: #F3F5F7;
    }

    table a {
        color: #3A4856;
        text-decoration: none;
        border-bottom: 1px solid #C6C8CB;
    }

    table a:visited {
        color: #777;
    }

    table a:hover {
        color: #000;
    }

    table caption {
        text-align: left;
        text-transform: uppercase;
        padding-bottom: 10px;
        font: 200% "Lucida Grande", "Lucida Sans Unicode", "Trebuchet MS", sans-serif;
    }

    table thead th {
        background: #3A4856;
        padding: 15px 10px;
        color: #fff;
        text-align: left;
        font-weight: normal;
    }

    table tbody, table thead {
        border-left: 1px solid #EAECEE;
        border-right: 1px solid #EAECEE;
    }

    table tbody {
        border-bottom: 1px solid #EAECEE;
    }

    table tbody td, table tbody th {
        padding: 10px;
        background: url("td_back.gif") repeat-x;
        text-align: left;
    }

    table tbody tr {
        background: #F3F5F7;
    }

    table tbody tr.odd {
        background: #F0F2F4;
    }

    table tbody  tr:hover {
        background: #EAECEE;
        color: #111;
    }

    table tfoot td, table tfoot th, table tfoot tr {
        text-align: left;
        font: 120% "Lucida Grande", "Lucida Sans Unicode", "Trebuchet MS", sans-serif;
        text-transform: uppercase;
        background: #fff;
        padding: 10px;
    }

    fieldset legend {
        color: #000;
        font-family: "Lucida Grande", "Lucida Sans Unicode", "Trebuchet MS", sans-serif;
        font-size: 14pt;
    }
</style>
<?
// if steamid or code is not ok
if (!$steamidvalid || !$codevalid) {
    $result = mysql_query("SELECT `nickname`,`steamid`,`date` FROM `$steamidstable` where `timeleft` > 0 ORDER BY `date`");
    ?>

<center>
    <table>
        <tr>
            <td>
                <form method="post"
                      action="<?php echo "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; ?>">

                    <?php echo stripslashes($t['getcode']);?>
                    <?php echo stripslashes($t['activation']);?>

                    <input type="text" name="steamid"
                           size="20" <?php if (isset($_POST['steamid']) && ($steamid != "")) echo "value=\"$steamid\""; ?>>
                    <?php 
                    if (!$steamidvalid && isset($_POST['steamid']))
                        echo stripslashes($t['steaminvalid']);
                    else if ($steamidvalid && isset($_POST['steamid']))
                        echo stripslashes($t['steamok']);
                    ?>

                    <?php echo stripslashes($t['steamidhowto']);?>
                    <?php echo stripslashes($t['code']);?>

                    <input type="text" name="code"
                           size="25" <?php if (isset($_POST['code']) && ($code != "")) echo "value=\"$code\""; ?>>
                    <?php 
                    if ($codeactivated) echo stripslashes($t['codealreadyused']);
                    else if (!$codevalid && isset($_POST['code']))
                        echo stripslashes($t['codeinvalid']);
                    else if ($codevalid && isset($_POST['code']))
                        echo stripslashes($t['codeok']);
                    ?>
                    </p></fieldset>
                    </fieldset>
                    <p><input type="submit" value="<?php echo stripslashes($t['submit']);?>" name="b1"></P>
                </form>

            </td>
        </tr>
    </table>
    <br>
    <table id="hor-minimalist-b">
        <thead>
        <tr>
            <?php echo stripslashes($t['thead']);?>
        </tr>
        </thead>
        <tbody>

            <?php
            $i = 0;
            while ($row = mysql_fetch_array($result, MYSQL_NUM)) {
                if ($row[0] == "ANONYMOUS") $row[0] = stripslashes($t['anonym']);
                //$timeleft = intval($row[2] + 2678400 - time());
                $dateend = intval($row[2]);
                $diff = $dateend - time();

                $daysleft = intval($diff / 86400); // 86400 = secs in a day
                $diff = $diff - $daysleft * 86400;
                $hours = intval($diff / 3600);
                $diff = $diff - $hours * 3600;
                $minutes = intval($diff / 60);
                $diff = $diff - $minutes * 60;
                $seconds = intval($diff);
                $tleft = "$daysleft " . stripslashes($t['days']) . ", $hours" . stripslashes($t['hours']) . " $minutes" . stripslashes($t['minutes']) . " $seconds" . stripslashes($t['seconds']);
                printf("<tr><td>%s</td> <td>%s</td><td>%s</td></tr>", $row[0], $row[1], $tleft);
            }
            ?>
        </tbody>
    </table>
</center>
<?
    mysql_free_result($result);
} else if (!$confirmed && $steamidvalid && $codevalid) { // if user did not confirm steamid
    ?>
<center>
    <form method="post" action="<?php echo "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; ?>">
        <fieldset>
            <legend>STEAM_ID:</legend>
            <p>
                <input type="text" name="steamiddisabled" value="<?php echo $steamid; ?>" disabled>
                <input type="hidden" name="steamid" value="<?php echo $steamid; ?>">
                <input type="hidden" name="code" value="<?php echo $code; ?>">
                <input type="hidden" name="confirmed" value="ok">
            </p></fieldset>
        <fieldset>

            <?php echo stripslashes($t['confirm']);?>

            <input type="text" name="nickname" value="">
            </p></fieldset>
        <p><input type="submit" value="<?php echo stripslashes($t['activate']);?>" name="b1"></P>
    </form>
</center>
<?
} else if ($confirmed && $steamidvalid && $codevalid) { // if everything is ok do the job
    $nickname = stripslashes($t['anonym']);
    if (isset($_POST['nickname'])) {
        $temp = htmlspecialchars(trim($_POST['nickname']), ENT_QUOTES | ENT_NOQUOTES);
        if ($temp != "") {
            $nickname = $temp;
        }
    }
    $now = time();
    $till = $now + $left;

    // check if the steamid is already in base
    $query = "SELECT `steamid`,`date`,`timeleft` FROM `$steamidstable` WHERE `steamid` = '$steamid'";
    $result = mysql_query($query);

    $t_steamid = "";
    $t_date = 0;
    $t_timeleft = 0;

    // if yes (steam id found) then taking in consideration his timeleft
	$steaminbase = false;
	$steaminbaseactive = false;
    if (!is_bool($result)) {
        $row = mysql_fetch_array($result, MYSQL_NUM);
        $t_steamid = $row[0];
        $t_date = intval($row[1]);
        $t_timeleft = intval($row[2]);
        if ($t_timeleft > 0) $steaminbaseactive = true;
        if ($t_steamid == $steamid) $steaminbase = true;
    }
    $success = true;
    // update database - say that code is activated
    $query = "UPDATE `$codestable` SET `steamid` = '$steamid', `nickname` = '$nickname', `activated` = '1', `date` = '$now' WHERE `id` = '$codeid'";
    $result = mysql_query($query);
    if (!$result) $success = false;

    if (($steaminbase) && ($success)) {
        if ($steaminbaseactive) { // if a steam is has timeleft from previous times add his remained time
            $till = $till + $t_timeleft;
        }
        $query = "UPDATE `$steamidstable` SET `nickname` = '$nickname',`date` = '$till', `timeleft` = '$left', `lastcodeid` = '$codeid' WHERE `steamid` = '$steamid'";
        $result = mysql_query($query);
        if (!$result) $success = false;
    }
    if ((!$steaminbase) && ($success)) {
        $query = "INSERT INTO `$steamidstable`(`steamid`, `nickname`, `date`, `timeleft`, `lastcodeid`) VALUES ('$steamid','$nickname','$till','$left','$codeid')";
        $result = mysql_query($query);
        if (!$result) $success = false;
    }
    if ($success) {
        echo stripslashes($t['success']);
    }
    else {
        echo stripslashes($t['fail']) . mysql_error();
        //backoff
        $query = "UPDATE `$codestable` SET `activated` = '0' WHERE `id` = '$codeid'";
        $result = mysql_query($query);
        $success = false;
        // end backoff
    }
    if ($success) {
        if ($steaminbaseactive) {
            $table = $sbprefix . '_admins';
            $query = "UPDATE `$table` SET `timeleft`='$left', `timedonated`='$now', `till` = '$till' WHERE `authid` = '$steamid'";
            $result = mysql_query($query);
        } else if (!$steaminbaseactive) {
            $table = $sbprefix . '_admins';
            $query = "INSERT INTO `$table` (`aid`, `user`, `authid`, `password`, `gid`, `email`, `validate`, `extraflags`, `immunity`, `srv_group`, `srv_flags`, `srv_password`, `lastvisit`, `timeleft`, `timedonated`, `till`) VALUES ('','$steamid','$steamid','e139fb71002b076fd1f631bf30189a6ab9ba11dd','-1','nomail@nomail.net','0','0','0','VIP','','','','$left','$now', '$till')";
            $result = mysql_query($query);

            //getting data for `sb_admins_servers_groups`
            $table = $sbprefix . '_admins';
            $query = "SELECT `aid` FROM `$table` where `authid` = '$steamid'";
            $result = mysql_query($query);
            $row = mysql_fetch_array($result, MYSQL_NUM);
            $admin_id = $row[0];

            $table = $sbprefix . '_srvgroups';
            $query = "SELECT `id` FROM `$table` where `name` = '$vip'";
            $result = mysql_query($query);
            $row = mysql_fetch_array($result, MYSQL_NUM);
            $group_id = $row[0];
            //end getting data for `sb_admins_servers_groups`

            $table = $sbprefix . '_admins_servers_groups';
            $query = "INSERT INTO `$table` (`admin_id`, `group_id`, `srv_group_id`, `server_id`) VALUES ('$admin_id', '$group_id', '$srv_group_id', '$server_id')";
            $result = mysql_query($query);

        }

        //update data on the server
        $r = new rcon($serverip, $serverport, $serverrconpass);
        $r->Auth();
        $status = $r->rconCommand($racom);
        $status = $r->rconCommand($rdcom);
    }
}
?>